Information such as personal data and other sensitive information may be passed across a network such as the Internet, for example to provide credential information, payment information, or personal account management information. To protect sensitive information, the information can be transmitted over a secure transmission connection, such as Transport Layer Security (TLS) or Secure Socket Layer (SSL).
To secure information from unauthorized review, the information can be digitally encrypted. One example of digital encryption is public key cryptography. In the public key cryptography scheme, two separate but mathematically-connected keys (e.g., numeric values) are used to secure the information. The first, a public key, is used to encrypt the data using an encryption algorithm. The second, a private key, can be used by the receiver of the data to decrypt the encrypted information. The receiver supplies the sender with the public key such that the sender is capable of securely transmitting information to the receiver.
The receiver of sensitive information may be obligated to secure the privacy of the user from unauthorized access to the sensitive information. Information may be sensitive if the information is confidential (e.g., industry and/or professional standards indicate that only designated parties should have access to the information). Information may be sensitive if a party incurs regulatory obligations for handling the information due to exposure to the information. Information may be sensitive if a party incurs potential liability due to handling of and/or exposure to the information.
An example of sensitive information is payment instrument information, such as a credit card number. When merchants conduct transactions using a credit card number, a variety of information is requested from the card holder, such as the credit card number and credit verification value (CVV), name of the card holder as printed on the card, card expiration date, and the card holder address. The personal information entered by the user may be used by a transaction processing system (e.g., credit card processing system) to validate the credit card is being used by the credit card holder.
When conducting electronic transactions, payment instrument information may be stored for later use. For example, some online retailers provide the user with the opportunity to store information regarding one or more credit cards for later use. Upon providing user credentials with the retailer (e.g., username and password), the credit card holder may be presented with the opportunity to select a previously used credit card. When storing information on credit cards for later use, the retailer typically requires the user to provide secure login information (e.g., a user name and password combination). When conducting a later transaction, the user is prompted for the secure login information prior to being provided the opportunity to use the stored payment instrument information. This often results in the user needing to remember multiple user names and passwords, as secure login requirements may differ from retailer to retailer. Additionally, this may result in the user resorting to less secure login information to improve ease of remembrance.
Alternatively, a user, when conducting electronic transactions, may register with an electronic wallet (eWallet) vendor. Through a computer application provided by the eWallet vendor, for example, the user may receive authorization for conducting a transaction.
There exists a need for a solution that remains resident to the experience provided by the online retailer, yet bypasses the requirements for remembering retailer-specific usernames and passwords for accessing payment instrument information. There additionally exists a need for a solution that allows for the authorizing the transfer of stored credit card information from a first online retailer to a second online retailer, thus providing an enter once solution for accessing payment instrument information across multiple online retailers.